12-1-2024 (BEIJING) China has recently made a bold claim, asserting that it has successfully cracked the encryption of Apple’s popular file-sharing feature, AirDrop. This breakthrough allegedly allows Chinese authorities to track the identity of senders using the service. The Beijing Municipal Bureau of Justice has revealed that the Beijing Wangshendongjian Forensic Appraisal Institute, operating under the Chinese government, was responsible for analyzing device logs of phones submitted for inspection. Through their analysis, the institute’s forensic experts claim to have cracked the AirDrop encryption that safeguards the sender’s identity.
The institute’s statement, translated by Google Translate, disclosed that certain fields associated with the sender’s device name, email address, and mobile phone number were recorded as hash values, with some of these fields remaining hidden. To crack these fields quickly, the institute’s technical team built a comprehensive “rainbow table” of mobile phone numbers and email accounts. The table lets them map a recorded hash value back to its original form, and so quickly identify the sender’s mobile phone number and email account.
The Bureau of Justice argued that this action was necessary due to reports from citizens claiming to have received inappropriate content on their iPhones while using the Beijing subway. Authorities discovered that the suspect had anonymously spread the content using AirDrop in public places. The bureau emphasized that conventional network monitoring methods are ineffective in monitoring such incidents since AirDrop does not require an internet connection for file transfer.
It is worth noting that the flaw enabling this encryption crack was brought to Apple’s attention in 2019. Researchers from the German university Technische Universität Darmstadt (TU Darmstadt) reported this vulnerability to Apple. Thomas Schneider, a professor of computer science at TU Darmstadt, expressed his disappointment in seeing the flaw exploited after offering an efficient protocol and open-source implementation to resolve the vulnerability.
The Beijing institute’s exploitation of the AirDrop vulnerability was based on Apple’s insecure use of hash functions to obscure contact identifiers in the AirDrop protocol’s execution. TU Darmstadt researchers had discovered this flaw in 2019 and had even developed an open-source fix for it. The institute’s forensic experts extracted hash values of the senders’ contact identifiers from log files on recipient devices. They then utilized hash reversal attacks, employing rainbow tables, to efficiently retrieve the contact identifiers in their original form.
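The weakness the two preceding paragraphs describe is a general one: a plain hash of a low-entropy identifier such as a phone number is no protection, because anyone can hash every candidate number once and keep the results as a lookup table. The following Python example is added here to illustrate that point and is not code from the article, from Apple, or from the TU Darmstadt researchers. It assumes SHA-256 as the hash (the article does not name the function), uses a constructed toy number space of 10,000 identifiers, and contrasts the unkeyed hash with an HMAC under a secret key, which defeats precomputation. The keyed variant is only an illustration of the required property: in AirDrop's setting the two devices share no secret key beforehand, which is why the researchers' fix relied on a private set intersection protocol rather than on a keyed hash.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Constructed toy identifier space: a fixed prefix plus four varying digits.
# Real numbering plans are far larger but still small enough to enumerate,
# which is exactly what a precomputed table over phone numbers exploits.
PREFIX = "+86-138-"   # constructed sample prefix, not a real allocation
SPACE = 10_000        # only the last four digits vary in this toy example


def identifier_hash(identifier: str) -> str:
    """Unkeyed hash of a contact identifier: the pattern the article calls insecure.
    SHA-256 is an assumption made for this illustration."""
    return hashlib.sha256(identifier.encode()).hexdigest()


def build_lookup_table() -> Dict[str, str]:
    """Precompute hash -> identifier for every candidate in the space.
    Nothing secret enters the hash, so the table is built once and reused."""
    return {
        identifier_hash(f"{PREFIX}{n:04d}"): f"{PREFIX}{n:04d}"
        for n in range(SPACE)
    }


def recover(hash_value: str, table: Dict[str, str]) -> Optional[str]:
    """Map an observed hash back to its identifier, if it lies in the enumerated space."""
    return table.get(hash_value)


def keyed_identifier_hash(identifier: str, key: bytes) -> str:
    """Mitigation property: bind the hash to a secret the observer does not hold.
    Each key yields different outputs, so a table built without it is useless.
    Illustrative only; AirDrop peers share no such key (see lead-in)."""
    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()


def demo() -> Tuple[Optional[str], Optional[str]]:
    """Return what the table recovers for an unkeyed hash and for a keyed one."""
    table = build_lookup_table()
    sender = f"{PREFIX}4711"                 # constructed sample identifier
    observed = identifier_hash(sender)       # what a recipient's log would expose
    recovered_plain = recover(observed, table)
    key = secrets.token_bytes(32)            # secret unknown to the table builder
    recovered_keyed = recover(keyed_identifier_hash(sender, key), table)
    return recovered_plain, recovered_keyed


if __name__ == "__main__":
    plain, keyed = demo()
    print("unkeyed hash recovered:", plain)   # the constructed sender number
    print("keyed hash recovered:  ", keyed)   # None: precomputation fails
```

The design lesson is that hashing hides an identifier only when the input space is too large to enumerate or when something the observer lacks (a key, or a protocol that never reveals the hash at all) enters the computation; neither held for the logged AirDrop fields the article describes.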
As of now, it remains unclear whether Apple has addressed the AirDrop vulnerability. TechTarget Editorial reached out to Apple for comment but has yet to receive a response.
Cryptography expert and associate professor at Johns Hopkins University, Matthew Green, raised concerns about the potential political implications between Apple and China if the flaw is fixed. He mentioned that the Chinese state authorities have capitalized on this known flaw, which Apple had failed to address since 2019, to develop a system for tracing the senders of AirDrop files. Green highlighted that this discovery threatens a popular method used by individuals in China to bypass censorship, and he emphasized that addressing the flaw at this stage could have significant political ramifications for Apple’s relationship with China.
While the AirDrop exploit has been utilized by Beijing authorities in criminal cases, it is possible that it could also be leveraged for cyber espionage purposes. The Chinese government has been associated with aggressive hacking and intelligence collection activities in the past. Government security agency heads from the U.S., Canada, the U.K., Australia, and New Zealand have previously warned about the unprecedented threat posed by Chinese spying and urged organizations to take appropriate measures to protect themselves.